Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-11 | CVE-2023-6737 | Cross-site Scripting vulnerability in Shortpixel Enable Media Replace | The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. | 6.1 |
2024-01-11 | CVE-2023-6776 | Cross-site Scripting vulnerability in 3Dflipbook 3D Flipbook | The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-01-11 | CVE-2023-6781 | Cross-site Scripting vulnerability in Themeisle Orbit FOX | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. | 5.4 |
2024-01-11 | CVE-2023-6782 | Cross-site Scripting vulnerability in Magazine3 AMP for WP | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-01-11 | CVE-2023-6828 | Cross-site Scripting vulnerability in Reputeinfosystems Arforms Form Builder | The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. | 6.1 |
2024-01-11 | CVE-2023-6882 | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. | 6.1 |
2024-01-11 | CVE-2023-6924 | Cross-site Scripting vulnerability in 10Web Photo Gallery | The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-01-11 | CVE-2023-6934 | Cross-site Scripting vulnerability in Limitloginattempts Limit Login Attempts Reloaded | The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-01-11 | CVE-2023-6988 | Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder 1.0.227/1.0.229/1.0.239 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-01-11 | CVE-2023-6990 | Cross-site Scripting vulnerability in Weavertheme Weaver Xtreme Theme Support | The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). | 5.4 |